This wiki has undergone a migration to Confluence found Here

Difference between revisions of "Cookbook for Security Considerations"

From HL7Wiki
Jump to navigation Jump to search
Line 7: Line 7:
 
= The Process =
 
= The Process =
  
Formal Process should be followed. See the References below
+
Formal Process should be followed. See the References below (This text comes from section 2)
 
 
This breaks down to generally:
 
 
 
# Define the Scope of the Profile.
 
## Define existing Security Mitigations (e.g. ATS inclusion of Transport Layer Security)
 
## Define the Assets that need to be protected
 
##* This is usually the data objects, and network-services exposed
 
# Risk Process
 
## Brainstorm on potential risks (focus on risks to Data-Confidentiality, Data-Integrity, or Data-Availability)
 
##* See Figure 2.2.1-2: Generic Scenario Components
 
## Determine for each how bad (Impact) it would be if it did happen
 
##* See Figure 2.2.1-3: Guidelines of impact relevance for IHE profiles
 
## Determine each Likelyhood to happen
 
##* See Table 2.2.2-3: Example of probability of occurrence
 
## Calculate the Risk Value
 
##* See Table 2.2.2-5: Example of matrix for relevant risks identification
 
## Address the highest Risk Values first.
 
##* See section 2.2.3.2 Identify mitigations
 
## Each time you put a mitigation in place, you must re-assess as the mitigation may have introduced a new Risk or adjusted the Likelyhood or Impact on other Risks.
 
##* See section 2.2.3.3 Evaluate mitigations
 
# Write the [[Security Considerations]] section
 
## Volume 1: Security Considerations section is for risks and mitigations that are profile-wide
 
## Volume 2+: Security Considerations sections are for risks and mitigations that are transaction or content specific.
 
## focus on the relevant risks and how they have been addressed.  The security section should be a literary presentation of the security constraints (e.g. mandatory or optional grouping with IHE security profile), the security features as well as a summary of the reasons why these constraints and features are required (risks addressed).  It should also include a summary of the risks left to be mitigated by developers and implementers.
 
  
 +
When considering security and privacy issues associated with a standard, one must:
 +
# Identify (See section 2.2)
 +
## And clearly define the scope of the standard, including the baseline assumptions
 +
## New threat scenarios and describe the type of impact that scenario implies
 +
# Analyze (See section 2.3)
 +
## The level of impact and likelihood of occurrence for each threat scenario to determine risk
 +
## Prioritize these risks in order to focus on the most important ones
 +
# Plan (See section 2.4)
 +
## Determine mitigation strategies that should be implemented for all medium to high risk threat scenarios
 +
# Track (See section 2.5)
 +
## Assess the effect of the application of the mitigation strategies
 +
## Reassess the risks by going through steps 2 and 3 until all medium and high risk threat scenarios have been addressed
 +
# Document all security considerations (See section 2.6)
  
 
Do NOT use [http://www.crypto.com/bingo/pr this tool]  :-)
 
Do NOT use [http://www.crypto.com/bingo/pr this tool]  :-)

Revision as of 04:36, 16 February 2010

As not all HL7 standards writers are security experts, this cookbook is intended to provide basic knowledge on conducting a risk assessment and some “tricks of the trade” relevant to Security Considerations section writing. It is not only based on best practice in the field of risk assessment and mitigation but also on the experience of the Security Workgroup while compiling the Security Considerations section for new HL7 works.

This cookbook is specifically intended for HL7 standards writers. Though it is based on best practice, it is not a complete method for thorough risk assessment of a package product. HL7 does not endorse any use of this cookbook outside of the scope of HL7 standards editing.

After presenting the basics of risk assessment and risk mitigation, the cookbook explains how to scope Security Considerations for HL7 standards and finally provides guidelines on the effective writing of the Security Considerations section.

The Process

Formal Process should be followed. See the References below (This text comes from section 2)

When considering security and privacy issues associated with a standard, one must:

  1. Identify (See section 2.2)
    1. And clearly define the scope of the standard, including the baseline assumptions
    2. New threat scenarios and describe the type of impact that scenario implies
  2. Analyze (See section 2.3)
    1. The level of impact and likelihood of occurrence for each threat scenario to determine risk
    2. Prioritize these risks in order to focus on the most important ones
  3. Plan (See section 2.4)
    1. Determine mitigation strategies that should be implemented for all medium to high risk threat scenarios
  4. Track (See section 2.5)
    1. Assess the effect of the application of the mitigation strategies
    2. Reassess the risks by going through steps 2 and 3 until all medium and high risk threat scenarios have been addressed
  5. Document all security considerations (See section 2.6)

Do NOT use this tool :-)

Resources

Examples of Risk Assessment Spreadsheets

  • SAML use in CCOW -- spreadsheet not yet published
  • CDA-Consent -- spreadsheet not yet published